mozilla From Firefox 47 You'll Have to Manually Enable All Plugins, Except Flash

[vissha]

From Firefox 47 You'll Have to Manually Enable All Plugins, Except Flash

 

 

Starting with Firefox 47, expected in June, all browser plugins except Flash will be "click-to-activate"

 

Quote

Mozilla announced plans to force users to click-to-activate all Firefox plugins, with the exception of Adobe Flash. This change will become official when Firefox 47 moves into the stable channel at the start of June.

 

Back in September 2013, Mozilla introduced a whitelist for the "click-to-activate" feature which asks users to enable a plugin like Java, Flash, video codecs, and such, on a per-site basis. [Plugins are different from Firefox Add-ons.]

 

The whitelist meant that a series of plugins were automatically turned on for all sites. Mozilla engineers managed the list of approved plugins, which was hardcoded inside Firefox's code.

 

For all other plugins, users had to click a popup to activate each plugin, or go to the Add-ons section, to the Plugins option and set it to activate on all sites by default.

 

The removal of the whitelist means that users will have to turn on all plugins, one by one, on each site they're needed, which is not a big issue since most of them are used very rarely anyway. The most used was Flash, but Flash doesn't have a bright future in Firefox either.

 

All Firefox users: Bye bye Flash! Good riddance!

 

In October 2015, Mozilla announced plans to drop all NPAPI-based plugins except Flash. This recent move is part of this bigger picture.

 

Mozilla plans to remove all NPAPI-based plugins from its core code, and the Foundation says this is scheduled for Firefox 53. Firefox 53 is scheduled for release in the spring of 2017, with the first alpha versions expected to enter the Aurora channel at the end of January 2017.

 

Flash will continue to work beyond this date and will continue to be turned on by default in all Firefox installs. In the meantime, Mozilla urges developers to start using more modern technologies. The Foundation did not say which, but HTML5 and WebGL are strong contenders.

 

Source

[steven36]

If you can still turn flash on but off by default   its not gone it just means they just now reached the stage they did with Java years  ago . The problem with HTML5 its a spy and uses canvas fingerprinting  the only way around it is to use a fake fingerprint  this is why I stream in MPV + YouTube DL  mostly  and keep canvas turned off. Nothing Firefox done interests me  since they made v43 and started breaking my addons I'll use Palemoon or never update Firefox from 38 ESR  I'm tech savvy enough  to not give a shit  .

[oliverjia]

I suggest Mozilla first pull themselves together and actually provide us with a usable browser, before they try any other fancy shit. FF 45 and 46 were unbearably slow on my Ubuntu box which has i5 and i7 and SSD. It's a shame the first thing I do after a Ubuntu install is to ditch FF and install Chrome, even though FF is still the default browser on Ubuntu.

[CODYQX4]

.

[steven36]

53 minutes ago, CODYQX4 said:

The Flash whitelisting needs to stop. Cut off the head of the beast and burn it once and for all.

The thing about Firefox  you have to install flash to make it work,  so if you get malware its no ones fault but you're own, its easy to trun off and on with a add-on. . Google Chrome has flash built in so if someone catches malware it's Google's fault.    I have a problem with all chrome browsers there's a certain addon  they dont have that causes like a 30% point loss when running a certain anonymity test with my vpn on and with palemoon and  firefox 38 esr  i can reach a 100% score.  The more noticeable you are the more likely you are to end up on the FBi's radar. I know how to turn flash off when not using im not . a noob lol.. 

[Jaley]

On 5/6/2016 at 7:44 AM, CODYQX4 said:

The Flash whitelisting needs to stop. Cut off the head of the beast and burn it once and for all.

But majority of the web apps are still using Flash. And user can't blame anyone apart from themselves should they catch a virus by visiting a dubious site and not regularly updating Flash. TBH if using your pc only for surfing nets like Youtube or any other mainstream site while using updated flash there shouldn't be any worry.

[CODYQX4]

.

[Jaley]

1 minute ago, CODYQX4 said:

As long as it is supported, those sites have little incentive to upgrade.

 

A 1 year hard deadline, do or die would light a fire under their asses.

It would all depends on the developers and whether they are willing to upgrade to a new platform from what i'm seeing, not all developers are willing to do so.

IMO, completely cutting off Adobe Flash at this point of time won't be a good idea, maybe Firefox and Chrome could consider isolating it and allow user to enable it manually should they know the risk involving behind it. Or maybe consider working with companies like Invicea(Sandboxie) to work out a solution for not only just against zero-day vuln but also against any potential malicious drive-by-downloads.

[CODYQX4]

.

[steven36]

41 minutes ago, CODYQX4 said:

 

Adapt or die. Every tech has to go. If they're not willing then they can't serve up video anymore...

 

Flash should have died last decade, and it's the most insecure software out there and we're giving the most insecure software of the planet mass distribution and exemptions to all the new browser security.

Most of this mess started around 2012  when FBI 1st exploited  flash and its gets worse and worse  back a few years ago the government  exploited it and bring it to the hackers attention.

 

Former Tor Developer Created Malware for FBI

Quote

The Cornhusker malware exploited vulnerabilities in Adobe Flash Player to reveal Tor users' actual IP address to an FBI servers outside the Tor network.

http://thehackernews.com/2016/04/tor-unmask-malware.html

 

History of Flash: Zero day and other vulnerabilities

http://blog.trendmicro.com/history-of-flash-zero-day-and-other-vulnerabilities/

 

Last decade this never happened yet no one even thought about it . And HTML5 has always been a spy so you're just substituting one evil for the other

 

Bad timing: New HTML5 trickery lets hackers silently spy on browsers

http://www.theregister.co.uk/2013/08/05/html5_timing_attacks/

 

I keep flash turned off most any kind of malware i see  is hidden in JavaScript  and HTML5 that malwarebytes and, ublock  blocks or i add to my filters myself.